From: Junio C Hamano <gitster@pobox•com>
To: Jim Meyering <jim@meyering•net>
Cc: Marcus Karlsson <mk@acc•umu.se>, git list <git@vger•kernel.org>
Subject: Re: [PATCH] diff: avoid stack-buffer-read-overrun for very long name
Date: Thu, 26 Apr 2012 09:13:03 -0700 [thread overview]
Message-ID: <xmqq62cma2uo.fsf@junio.mtv.corp.google.com> (raw)
In-Reply-To: <87d36uxzfw.fsf@rho.meyering.net> (Jim Meyering's message of "Thu, 26 Apr 2012 17:52:51 +0200")
Jim Meyering <jim@meyering•net> writes:
> What do you think about replacing those two append-if-needed two-liners:
>
> if (buffer2.len && buffer2.buf[buffer2.len - 1] != '/')
> strbuf_addch(&buffer2, '/');
>
> by something that readably encapsulates the idiom:
>
> strbuf_append_if_absent (&buffer2, '/');
>
> (though the name isn't particularly apt, because you might
> take "absent" to mean "not anywhere in the string," so maybe
> strbuf_append_if_not_already_at_end (ugly) or
> strbuf_append_uniq
> )
I am not good at names, but strbuf_terminate_with(&buffer2, '/')
perhaps?
> There are several other uses that would benefit from such a transformation:
> To find the easy ones, I ran this:
>
> git grep -B1 "strbuf_addch.*'"|grep -A1 '!='
>
> I've manually marked/separated the ones that don't apply.
>
> Note how only 2 of the 6 candidates ensure that length is positive
> before using ".len - 1":
Yikes, that is embarrasing ;-)
>
> ------------------------------------
> builtin/branch.c- if (!buf.len || buf.buf[buf.len-1] != '\n')
> builtin/branch.c: strbuf_addch(&buf, '\n');
> --
> builtin/fmt-merge-msg.c- if (out->buf[out->len - 1] != '\n')
> builtin/fmt-merge-msg.c: strbuf_addch(out, '\n');
> --
> builtin/log.c- if (filename.buf[filename.len - 1] != '/')
> builtin/log.c: strbuf_addch(&filename, '/');
> --
> builtin/notes.c- if (buf.buf[buf.len - 1] != '\n')
> builtin/notes.c: strbuf_addch(&buf, '\n'); /* Make sure msg ends with newline */
> --
> refs.c- if (real_pattern.buf[real_pattern.len - 1] != '/')
> refs.c: strbuf_addch(&real_pattern, '/');
> --
> strbuf.h- if (sb->len && sb->buf[sb->len - 1] != '\n')
> strbuf.h: strbuf_addch(sb, '\n');
next prev parent reply other threads:[~2012-04-26 16:14 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-16 15:20 [PATCH] diff: avoid stack-buffer-read-overrun for very long name Jim Meyering
2012-04-16 22:27 ` Marcus Karlsson
2012-04-24 16:09 ` Jim Meyering
2012-04-25 19:37 ` Junio C Hamano
2012-04-26 15:52 ` Jim Meyering
2012-04-26 16:13 ` Junio C Hamano [this message]
2012-04-26 16:21 ` Bert Wesarg
2012-04-26 16:26 ` Jim Meyering
2012-04-26 16:53 ` Bert Wesarg
2012-04-26 17:26 ` Jim Meyering
2012-04-26 16:22 ` Jim Meyering
2012-04-27 12:55 ` Andreas Ericsson
2012-04-27 15:07 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq62cma2uo.fsf@junio.mtv.corp.google.com \
--to=gitster@pobox$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=jim@meyering$(echo .)net \
--cc=mk@acc$(echo .)umu.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox